title: Microsoft 365 - Impossible Travel Activity
id: d7eab125-5f94-43df-8710-795b80fa1189
status: test
description: Detects when a Microsoft Cloud App Security reported a risky sign-in attempt due to a login associated with an impossible travel.
author: Austin Songer @austinsonger
references:
  - https://docs.microsoft.com/en-us/cloud-app-security/anomaly-detection-policy
  - https://docs.microsoft.com/en-us/cloud-app-security/policy-template-reference
date: 2020/07/06
modified: 2021/11/27
logsource:
  service: threat_management
  product: m365
detection:
  selection:
    eventSource: SecurityComplianceCenter
    eventName: 'Impossible travel activity'
    status: success
  condition: selection
falsepositives:
  - Unknown
level: medium
tags:
  - attack.initial_access
  - attack.t1078